CVE-2017-14453— Insteon Hub 2245-222 缓冲区错误漏洞

N/A

On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long "ad_r" parameter in order to exploit this vulnerability.

N/A

N/A

Insteon Hub 2245-222 缓冲区错误漏洞

Insteon Hub 2245-222是美国Insteon公司的一款Insteon中央控制器设备。该产品可远程控制家中的灯泡、墙壁开关、空调等。 使用1012版本固件的Insteon Hub 2245-222中存在缓冲区溢出漏洞。攻击者可通过发送任意长度的‘ad_r’参数利用该漏洞覆盖任意数据，执行代码或造成设备崩溃。

N/A

N/A